added notes to settings.yaml

moved core app config (name, version) out of settings and into app/app_settings.py added ability to brand SneakyScope to any name added caching of cert information from crt.sh (cache enable and lenght is configurable in settings.yaml) streamlined header/footer loading to be more correct
2025-08-23 20:37:44 -05:00
parent 5af8513e14
commit b59bf67329
17 changed files with 317 additions and 56 deletions
--- a/app/rules/factory.py
+++ b/app/rules/factory.py
@@ -34,18 +34,33 @@ def build_rules_engine() -> RuleEngine:
    def add(rule: Rule):
        eng.add_rule(rule)

-    add(Rule("form_action_missing", "Form has no action attribute", "form", "function",
-             FunctionRuleAdapter(form_action_missing, category="form", adapter=adapter, rule_name="form_action_missing")))
-    add(Rule("form_http_on_https_page", "Form submits via HTTP from HTTPS page", "form", "function",
-             FunctionRuleAdapter(form_http_on_https_page, category="form", adapter=adapter, rule_name="form_http_on_https_page")))
-    add(Rule("form_submits_to_different_host", "Form submits to a different host", "form", "function",
-             FunctionRuleAdapter(form_submits_to_different_host, category="form", adapter=adapter, rule_name="form_submits_to_different_host")))
-    add(Rule("script_src_uses_data_or_blob", "Script src uses data:/blob: URL", "script", "function",
-             FunctionRuleAdapter(script_src_uses_data_or_blob, category="script", adapter=adapter, rule_name="script_src_uses_data_or_blob")))
-    add(Rule("script_src_has_dangerous_extension", "External script with dangerous extension", "script", "function",
-             FunctionRuleAdapter(script_src_has_dangerous_extension, category="script", adapter=adapter, rule_name="script_src_has_dangerous_extension")))
-    add(Rule("script_third_party_host", "Script is from a third-party host", "script", "function",
-             FunctionRuleAdapter(script_third_party_host, category="script", adapter=adapter, rule_name="script_third_party_host")))
+    # Form no action
+    add(Rule(
+    name="form_action_missing",
+    description="Form has no action attribute",
+    category="form",
+    rule_type="function",
+    function=FunctionRuleAdapter(form_action_missing, category="form", adapter=adapter, rule_name="form_action_missing"),
+    ))
+
+    # add(Rule(
+    # name="form_http_on_https_page",
+    # description="Form submits via HTTP from HTTPS page",
+    # category="form",
+    # rule_type="function",
+    # function=FunctionRuleAdapter(form_http_on_https_page, category="form", adapter=adapter, rule_name="form_http_on_https_page"),
+    # ))
+
+    # add(Rule("form_http_on_https_page", "Form submits via HTTP from HTTPS page", "form", "function",
+    #          FunctionRuleAdapter(form_http_on_https_page, category="form", adapter=adapter, rule_name="form_http_on_https_page")))
+    # add(Rule("form_submits_to_different_host", "Form submits to a different host", "form", "function",
+    #          FunctionRuleAdapter(form_submits_to_different_host, category="form", adapter=adapter, rule_name="form_submits_to_different_host")))
+    # add(Rule("script_src_uses_data_or_blob", "Script src uses data:/blob: URL", "script", "function",
+    #          FunctionRuleAdapter(script_src_uses_data_or_blob, category="script", adapter=adapter, rule_name="script_src_uses_data_or_blob")))
+    # add(Rule("script_src_has_dangerous_extension", "External script with dangerous extension", "script", "function",
+    #          FunctionRuleAdapter(script_src_has_dangerous_extension, category="script", adapter=adapter, rule_name="script_src_has_dangerous_extension")))
+    # add(Rule("script_third_party_host", "Script is from a third-party host", "script", "function",
+    #          FunctionRuleAdapter(script_third_party_host, category="script", adapter=adapter, rule_name="script_third_party_host")))

    log.info("Registered %d total rules (YAML + function)", len(eng.rules))
    return eng